From 0af6093dc9ef0cf54fe0c236e9ce27bb08b175c2 Mon Sep 17 00:00:00 2001
From: editheman
Date: Fri, 24 Jan 2025 00:03:59 +0200
Subject: [PATCH 1/4] Adding a Dockerfile to vfdecrypt dir
---
 tools/vfdecrypt/Dockerfile | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 tools/vfdecrypt/Dockerfile
diff --git a/tools/vfdecrypt/Dockerfile b/tools/vfdecrypt/Dockerfile
new file mode 100644
index 0000000..b2c50a8
--- /dev/null
+++ b/tools/vfdecrypt/Dockerfile
@@ -0,0 +1,9 @@
+FROM ubuntu:latest
+
+RUN apt-get update && apt-get install -y make build-essential libssl-dev coreutils
+
+COPY ../ /vfdecrypt
+
+WORKDIR /vfdecrypt
+
+RUN make
From 21f1dfb56f21ad4d93d8f5547a9be3cc9a5b8a3a Mon Sep 17 00:00:00 2001
From: editheman
Date: Fri, 7 Mar 2025 09:16:59 +0200
Subject: [PATCH 2/4] Dockerfile
---
 tools/vfdecrypt/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/vfdecrypt/Dockerfile b/tools/vfdecrypt/Dockerfile
index b2c50a8..d03591c 100644
--- a/tools/vfdecrypt/Dockerfile
+++ b/tools/vfdecrypt/Dockerfile
@@ -6,4 +6,4 @@ COPY ../ /vfdecrypt
 WORKDIR /vfdecrypt
-RUN make
+CMD make
\ No newline at end of file
From 9d069b6ce71f0ed2138dccc0ecb28f2b12571d77 Mon Sep 17 00:00:00 2001
From: editheman
Date: Fri, 14 Mar 2025 04:51:51 +0200
Subject: [PATCH 3/4] Implementing the use of vfdecrypt contaiener.
---
 bin/decrypt_fs | 12 +++++++++---
 bin/decrypt_kernel | 9 +++++++--
 2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/bin/decrypt_fs b/bin/decrypt_fs
index f903dba..019d708 100755
--- a/bin/decrypt_fs
+++ b/bin/decrypt_fs
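Review bot: `FROM ubuntu:latest` in the new Dockerfile ties every rebuild to whatever the tag points at that day, so the toolchain that compiles vfdecrypt is not reproducible; pin a release tag and ideally a digest, e.g. `FROM ubuntu:<release>@sha256:<digest>`. The `apt-get install` line also pulls recommended packages and leaves the package lists in the layer; `--no-install-recommends` plus `rm -rf /var/lib/apt/lists/*` in the same `RUN` avoids both. `COPY ../ /vfdecrypt` names a path above the build context, which Docker does not let a build reach, so what is copied depends on the directory the build is started from; `COPY . /vfdecrypt` with a documented context says the same thing unambiguously. No `USER` is set, so the resulting image runs as root.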
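Review bot: The image has no `ENTRYPOINT` and, with `CMD make`, compiles at container start rather than at build time, so any arguments given to `docker run` replace `make` and are executed as the command. The `bin/decrypt_fs` change later in this series runs the image as `vfdecrypt:latest -k$rootfs_key /in /out`, which with this Dockerfile would try to execute `-k...` instead of the decryptor. Keeping `RUN make` and adding an exec-form entrypoint such as `ENTRYPOINT ["/vfdecrypt/<binary built by make>"]` would match that call; the binary name is not visible in this patch. The new last line also has no trailing newline.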
@@ -22,9 +22,15 @@ if test -z "$rootfs_key"; then
 ln -f "$dmg" "$decrypted" > /dev/null 2>&1
 warn_if_error
 else
- debug "Decrypting dmg file $dmg to $decrypted ..."
- debug "$VFDECRYPT -k$rootfs_key -i$dmg -o$decrypted"
- "$VFDECRYPT" -k"$rootfs_key" -i"$dmg" -o"$decrypted" > /dev/null 2>&1
+
+ echo "" > "$decrypted"
+
+ dmg_absolute=$(readlink -f "$dmg")
+ decrypted_absolute=$(readlink -f "$decrypted")
+
+ docker run -v "$dmg_absolute":/in -v "$decrypted_absolute":/out -t vfdecrypt:latest -k$rootfs_key /in /out > /dev/null 2>&1
+
+
 warn_if_error
 fi
diff --git a/bin/decrypt_kernel b/bin/decrypt_kernel
index b030a5d..3a34afd 100755
--- a/bin/decrypt_kernel
+++ b/bin/decrypt_kernel
@@ -26,8 +26,13 @@ else
 # Decrypt kernel using instructions below:
 # https://www.nowsecure.com/blog/2014/04/14/ios-kernel-reversing-step-by-step/
 debug "Decrypting kernelcache file $kernelcache_crypted to $kernelcache_decrypted ..."
- debug "$XPWN $kernelcache_crypted $kernelcache_decrypted -iv $iv -k $key -decrypt"
- "$XPWN" "$kernelcache_crypted" "$kernelcache_decrypted" -iv "$iv" -k "$key" -decrypt > /dev/null 2>&1
+
+ echo "" > $kernelcache_decrypted # make sure the file exists, otherwise docker maps it as a directory
+ kernelcache_crypted_absolute=$(readlink -f $kernelcache_crypted)
+ kernelcache_decrypted_absolute=$(readlink -f $kernelcache_decrypted)
+
+
+ docker run -v $kernelcache_crypted_absolute:/in -v $kernelcache_decrypted_absolute:/out -t ghcr.io/malus-security/xpwn:1.0 /in /out -iv $iv -k $key -decrypt > /dev/null 2>&1
 warn_if_error
 fi
From ee70440ceb5a50a70be9301f2a23e3131066ecb6 Mon Sep 17 00:00:00 2001
From: editheman
Date: Thu, 15 May 2025 20:10:31 +0300
Subject: [PATCH 4/4] Accesing the container from the container registry
---
 bin/decrypt_fs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bin/decrypt_fs b/bin/decrypt_fs
index 019d708..7122e1b 100755
--- a/bin/decrypt_fs
+++ b/bin/decrypt_fs
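Review bot: The `docker run` line added to `bin/decrypt_fs` passes the rootfs key as a container argument without `--rm`, so each run leaves a stopped container whose recorded command line still holds the key (readable through `docker ps -a` or `docker inspect`). The encrypted input is also bind-mounted writable and the container keeps default network access, neither of which a decryptor needs. A form such as `docker run --rm --network none -v "$dmg_absolute":/in:ro -v "$decrypted_absolute":/out <image> -k"$rootfs_key" /in /out` closes those gaps and quotes the key; `-t` can be dropped because the output is discarded. The same applies to the `docker run` in the `bin/decrypt_kernel` hunk (`$iv`, `$key`) and to the replacement line in PATCH 4/4.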
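Review bot: Every expansion added in the `bin/decrypt_kernel` hunk is unquoted (`> $kernelcache_decrypted`, `readlink -f $kernelcache_crypted`, `-v $kernelcache_crypted_absolute:/in`, `-iv $iv -k $key`), unlike the removed `"$XPWN"` line and the `bin/decrypt_fs` hunk, so a firmware path containing spaces or glob characters is word-split before it reaches `docker`. Quote them, e.g. `kernelcache_crypted_absolute=$(readlink -f "$kernelcache_crypted")` and `-v "$kernelcache_crypted_absolute":/in`. The `echo "" >` pre-creation also leaves a one-byte output file behind when decryption fails, and `warn_if_error` presumably only warns, so a later step could mistake it for a result; `: > "$kernelcache_decrypted"` at least creates it empty.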
@@ -28,7 +28,7 @@ else
 dmg_absolute=$(readlink -f "$dmg")
 decrypted_absolute=$(readlink -f "$decrypted")
- docker run -v "$dmg_absolute":/in -v "$decrypted_absolute":/out -t vfdecrypt:latest -k$rootfs_key /in /out > /dev/null 2>&1
+ docker run -v "$dmg_absolute":/in -v "$decrypted_absolute":/out -t ghcr.io/malus-security/vfdecrypt:latest -k$rootfs_key /in /out > /dev/null 2>&1
 warn_if_error
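Review bot: `ghcr.io/malus-security/vfdecrypt:latest` is a mutable tag pulled from a remote registry, so the code that receives `$rootfs_key` can change without any commit in this repository. `bin/decrypt_kernel` already pins `xpwn:1.0`; do the same here, preferably by digest, e.g. `ghcr.io/malus-security/vfdecrypt:<version>@sha256:<digest>`. Docker also keeps using a previously pulled `latest` until it is pulled again, so different machines may end up running different builds.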